From 87890ad29707f994ac6e785030b48216e0010ede Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Thu, 2 Apr 2015 11:58:45 +0200
Subject: [PATCH] simplesaml: activate signature and artificat
---
 inc/simplesamlphp/cert/saml.crt | 22 +++++++++++++++++++
 inc/simplesamlphp/cert/saml.pem | 28 ++++++++++++++++++++++++
 inc/simplesamlphp/config/authsources.php | 6 +++++
 3 files changed, 56 insertions(+)
 create mode 100644 inc/simplesamlphp/cert/saml.crt
 create mode 100644 inc/simplesamlphp/cert/saml.pem
diff --git a/inc/simplesamlphp/cert/saml.crt b/inc/simplesamlphp/cert/saml.crt
new file mode 100644
index 0000000..59b9e94
--- /dev/null
+++ b/inc/simplesamlphp/cert/saml.crt
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuTCCAqGgAwIBAgIJAIOURAhjhobwMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV +BAYTAkZSMQwwCgYDVQQIDANJREYxDjAMBgNVBAcMBVBhcmlzMRQwEgYDVQQKDAtF +bnRyJ291dmVydDEMMAoGA1UECwwDd3d3MSIwIAYJKoZIhvcNAQkBFhNpbmZvQGVu +dHJvdXZlcnQuY29tMB4XDTE1MDQwMjA5NTczNloXDTI1MDQwMTA5NTczNlowczEL +MAkGA1UEBhMCRlIxDDAKBgNVBAgMA0lERjEOMAwGA1UEBwwFUGFyaXMxFDASBgNV +BAoMC0VudHInb3V2ZXJ0MQwwCgYDVQQLDAN3d3cxIjAgBgkqhkiG9w0BCQEWE2lu +Zm9AZW50cm91dmVydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDEwR4IbG6FYZYDf015LtJUswz/AcCndWLfX2lt6QVygf9aMBDsDroa1v0IWusk ++VSWV9RD/Z8mVLE9sbpZqQhXYzqJB05YLgilHCBIVv2fMeMTzHXjmcoUa/VSAi83 +KMe3OLSrJ+LxnXa214fyEZVN+JHjd/JvF+6UGvykJ3/uP2S/xjEIcFx8QgRcng1K +Ac0Yr4P5LPrKh7KOdS/5LJ2pyco2VjSGJLBNDOH/u8SZ8MSQ464h4/CdkpIfJC09 +o7X9nLSUB7bMVQgH9dfcheTJVajP5VqeDMtZuSDovClliNhJ43ZzCy7qV/kHlakV +H80VZQ6AcuDtYXd4O4peRZMjAgMBAAGjUDBOMB0GA1UdDgQWBBSkF5REIBi5ninD +CQYjl2SmlA2byjAfBgNVHSMEGDAWgBSkF5REIBi5ninDCQYjl2SmlA2byjAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC0nMiq4bxDu7cyPRYgzebh4UOO +WJ52R7UXzIcBCqlfbDnAWMBIt8v++AszfdzCI3ZazWA54JyssDASr8neAJh9cmUq +r9EeZpcb/u6ukECQDnqs2UvVfj35JmmSeRNjcYi6Hjv0ikGS4KRn+YF0ZNyXIEU9 +IIb2vJndVYcX5B9z1R8k5KD3b+iu7+V4C00zme/r22cPaPgBXbkV/EFpWw0PTv6K +utu7ksVC/NCWu+XihPLDlJCeIgG2k720XAib7y2ntFHKjT7kszPFFhGyTNfJ8JjD +79wtpB/RNJ/4H62mNmuXtNfX3JJKRYRjnCB62Z2U5QVhoWlzSRWSNQv5h5i3 +-----END CERTIFICATE----- diff --git a/inc/simplesamlphp/cert/saml.pem b/inc/simplesamlphp/cert/saml.pem new file mode 100644 index 0000000..7c3cf62 --- /dev/null +++ b/inc/simplesamlphp/cert/saml.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEwR4IbG6FYZYD +f015LtJUswz/AcCndWLfX2lt6QVygf9aMBDsDroa1v0IWusk+VSWV9RD/Z8mVLE9 +sbpZqQhXYzqJB05YLgilHCBIVv2fMeMTzHXjmcoUa/VSAi83KMe3OLSrJ+LxnXa2 +14fyEZVN+JHjd/JvF+6UGvykJ3/uP2S/xjEIcFx8QgRcng1KAc0Yr4P5LPrKh7KO +dS/5LJ2pyco2VjSGJLBNDOH/u8SZ8MSQ464h4/CdkpIfJC09o7X9nLSUB7bMVQgH +9dfcheTJVajP5VqeDMtZuSDovClliNhJ43ZzCy7qV/kHlakVH80VZQ6AcuDtYXd4 +O4peRZMjAgMBAAECggEAWsDM7ou9Ss6hWEme3ZeoMqNIClOvnk455dhnk+fYuGGX +++yR0aBVXU3u9qyhK7PJvXMTmKzifNaxzkgtMXATReOiO1RgYbISEL5xcYyWfZiQ +KjCz6+Ci4lqNlF8nkiTAQhXo182VE2dTO7Ecpp5PpOBTwn0wGOgMBsqP39PMYYKR +4nO63QXj6C2fV3bOIS3wF9F1iia8iWIgNJgjbQQtQeCDowWyVtt8+QNk5X5nrzJ6 +mTO2qJrzUNk/Yu5gX3vF4dyJ6Goo2O5wylK4JZWqCZU5s1/fmLc0Z4DK8d9eNYfM +ihbRlamctHq40Uj5PyUWvYllOwzRY/HIUIIYcuA4GQKBgQD5+RJa9XRAGlt+Bl8H +dAdNUpTkyVC2pSFWn76elEwidPSM0SZAqEY7/D5iTMqwTttLDTnk+fkINepHjs1F +suP/sZCoe+4s2WGrJNU4n8kz/rehChtPzVf4NGpqejkzL+6A4EpMYu4JKQrrgP6b +DP0gxLaMQHBBNJpZBP6UkA031wKBgQDJf49vZLWxvn4eTF7VqoRByPy1FxzRMxaN +vTx1LvxKRhpBWqQW0ht/g/Z/SPQZ4KXkmFl+zFLWFJMkmOC/Khpbm+UPMa7fnhVd +8qNDtqu9TlzLLI90wxT4Ay1O7iHO6mAeXkxL+dkXCSVOiAXloGzPGWfHv7E4GdYD +X4/X9k4llQKBgQCpqCKNGYqM91ahcjGNHXLXR/VGUlw1ml3GLSVy+7OwrzBLYqhT +ueHxVIICtZvbjanIhnGEtyQOLomTh5hKdd/I6vsDXxmH1wIy5gzRIaGtaHO5GOLw +hq3uB6UyH0IzO5TkY1YKAhsMnI6MyEAFfAtQ8jHzfsixeMJJKNqgeiR+gQKBgD4j +GiZt1iIT7myFfJFDXjmzM0rc78QLjx7yhlxUuvRkneAdhZCMBnLSTQd/hdcdEctm +t+KEO99MxPt6MYSCBVLOxlpjJdxLsachFfvhryBXtAHroemN5z98K1K12LMoT6/N +wJWFXM7fwSNwivD/Ac7ztK9Ci/IS9Y5gv8kHaZ3pAoGBAOy9HM+HG9+dLlWHbmmL +LjoqaqsJrSyEQ/sH8Rq6AHHBDYwLTs7KHM5xOwkiU5Z3t9wLKJuRZE5mHN+q2mdP +alEqHldz+W/06PYICF5MPmJ/vT0ev5dt8nzwGaRnyBrgr+Rh2N1ho2yYeO/3XcRe +wa7hpLfbdU1zGEamtyKBMP9m +-----END PRIVATE KEY----- diff --git a/inc/simplesamlphp/config/authsources.php b/inc/simplesamlphp/config/authsources.php index 3e00a68..7210130 100644 --- a/inc/simplesamlphp/config/authsources.php +++ b/inc/simplesamlphp/config/authsources.php 
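Review bot: This new file puts the service provider's unencrypted private key into version control, so anyone who can read the repository or its history holds the key this SP signs with, and it should be treated as disclosed from this commit onward. I would drop `inc/simplesamlphp/cert/saml.pem` from the patch, generate the key pair per installation, and keep it out of the tree with an ignore entry such as `inc/simplesamlphp/cert/*.pem`. The matching `saml.crt` added in the previous hunk is public material, but shipping one shared pair means every deployment of this code presents the same signing identity. If this key has already been registered with an identity provider, it needs to be rotated and the SP metadata re-published.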
@@ -36,6 +36,12 @@ $config = array(
 // Force persistent NameID
 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+ // Artifact by default
+ 'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+
+ 'redirect.sign' => TRUE,
+ 'privatekey' => 'saml.pem',
+ 'certificate' => 'saml.crt',
 /*
 * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
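Review bot: `'redirect.sign' => TRUE` only covers messages this SP sends; nothing in the added lines makes it check signatures on the logout requests and responses it receives over HTTP-Redirect, so I would add `'redirect.validate' => TRUE,` next to it. `'privatekey' => 'saml.pem'` points at the key file committed in this same patch, which ties every installation to a key readable from the repository; the key is better provisioned per deployment. Switching `ProtocolBinding` to HTTP-Artifact moves the response onto a back-channel call to the IdP, so it is worth confirming (not visible in this hunk) that the IdP endpoint is reached over TLS with certificate validation. The three signing entries carry no comment, unlike their neighbours; something like `// Sign outgoing redirect messages with the SP key pair` would do. The `$config` array starts and ends outside the hunk.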